Re: Review Request 73618: RANGER-3458: Add rest api to get policy delta for given resource

Wed, 27 Oct 2021 22:40:36 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73618/
-----------------------------------------------------------

(Updated Oct. 28, 2021, 5:40 a.m.)


Review request for ranger.


Bugs: RANGER-3458
    https://issues.apache.org/jira/browse/RANGER-3458


Repository: ranger


Description
-------

**Problem Statement:**  To find incremental diff of policy changes for specific 
resource a specific API is needed and available API(mentioned below) does not 
give the results as expected.
API-1: policy download API used by 
plugins(/service/plugins/policies/download/{serviceName}) => This API can give 
the delta, however it does not filter for required resource set, also call for 
specific policyVersion might change the existing policy set in the cache.
API-2: for-resource API 
(/service/plugins/policies/{serviceDefName}/for-resource) => This API can give 
the set of policies for specific resource but can't give policy delta or 
changed policies set after a specific version.

**Proposed solution :** : 
Proposed solution contains the feature of both the API mentioned above and 
creates a separate policy engine and do not refer the existing policy engine 
used by plugins. 
This API can accept resource set and last synced policy version to figure out 
the policies changed after that. If delta could not figured out then it shall 
return all policies matching with provided resource. 
If policy has been deleted then it shall return guid of the policy with 
changetype 2('deleted')


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyDelta.java
 5292a98cb 
  
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java 
5a69231ef 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyChangeLogDao.java 
137b24100 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
01e952a23 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 96dc0df8e 


Diff: https://reviews.apache.org/r/73618/diff/2/

Changes: https://reviews.apache.org/r/73618/diff/1-2/


Testing
-------

Tested the API with various resource combinations and lastKnownVersion.


Thanks,

Pradeep Agrawal

Reply via email to